> Hello
> when I created my IDP I had test certificates in place. Once I was
> ready to register it I had real certificates in place. When I sent
> through my idp-metadata.xml file I was told I still had test
> certificate data in it rather than real certificate data.
> I sent through the certificate info and was duly registered.
> I thought I had fixed the idp-metadata, but now I'm worried that my
> idp-metadata.xml has something wrong with the certificate part of it
> and I don't know what I'm looking at to try to check it. Should the
> ds:x509 section match the contents of the .crt file?
Yes, and you can look at the crt file with openssl ("openssl x509 -noout -text -in foo.crt" should do it).
> I'm getting an error of 'No return endpoint available for relying
> party...' when I try to test against the test thing on the UK Federation
> site and the troubleshooting section suggests no metadata as one
> possibility, hence my worry.
When did the metadata get accepted? If it was today then you will need to wait until the UK Fed support folks mail you that it has been updated (and then a few minutes more) to allow the test SP to learn about you.
> The other option is that there is something wrong with my handler.xml
> but I can't see anything in it, that is jumping off the page screaming
> fix me, fix me!
This doesn't feel like an IdP thing - but just in case, who gave you that message you quoted? Your IdP or the SP?
If in doubt, check your logs...
> I'm really beginning to hate this thing.
> Once I have that fixed I then have to sort out something about a
> computedID no longer in use and I should switch it to StoredID
Yes you _should_, but you might want to wait for two weeks when the odds of you throwing the whole shebang out of the window have reduced. computedID will be OK for a short while - or even longer, so long as you don't mind aggravating all your userbase (worst case) if anyone ever needs to have their Id revoked.
Rod
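
The check discussed in this thread (does each ds:X509Certificate in idp-metadata.xml match the .crt file?) can be scripted. The following is an added example, not part of the original messages: the sample metadata, the entityID and the certificate bytes are constructed stand-ins, and the sample deliberately leaves a stale test certificate in the encryption KeyDescriptor.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def pem_to_der(pem_text):
    """Decode the first CERTIFICATE block of a PEM (.crt) file to DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def metadata_certs(xml_text):
    """Return [(use, der_bytes)] for each ds:X509Certificate in a KeyDescriptor."""
    found = []
    for kd in ET.fromstring(xml_text).iter(MD + "KeyDescriptor"):
        use = kd.get("use", "unspecified")  # no 'use' means signing and encryption
        for cert in kd.iter(DS + "X509Certificate"):
            found.append((use, base64.b64decode("".join((cert.text or "").split()))))
    return found

def check(xml_text, pem_text):
    """Compare the SHA-256 of each metadata certificate with the .crt file's."""
    want = hashlib.sha256(pem_to_der(pem_text)).hexdigest()
    return [(use, hashlib.sha256(der).hexdigest() == want)
            for use, der in metadata_certs(xml_text)]

# Constructed stand-ins: arbitrary bytes, not real certificates. The comparison
# is byte-for-byte, so real DER is not needed to show the check.
REAL_DER = b"constructed real certificate bytes"
TEST_DER = b"constructed test certificate bytes"
REAL_B64, TEST_B64 = (base64.b64encode(d).decode() for d in (REAL_DER, TEST_DER))
SAMPLE_CRT = f"-----BEGIN CERTIFICATE-----\n{REAL_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/idp">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{REAL_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{TEST_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""

if __name__ == "__main__":
    for use, ok in check(SAMPLE_METADATA, SAMPLE_CRT):
        print(use, "matches .crt" if ok else "DIFFERS from .crt")
```

Against a real deployment, pass the contents of idp-metadata.xml and the .crt file to `check()`; any `False` entry marks a KeyDescriptor that still carries a different certificate.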